Friday, October 19, 2018

Attempting to get wifi calling working.

I've beaten my head on this for a little bit now, and just need an extra set of braincells.

I'm trying to get Wifi calling working, so that associates in more basement-y locations can use their phones. However, I can't get the IPSec tunnel it uses to establish. I've grabbed a capture at the router, see the IKE_AUTH exchange, and then the mobile phone sends a Next Payload: Delete.

Firewall is FTD running 6.2.3.4. These source wifi networks have a prefilter fastpath to the /16 I've identified belonging to Verizon with a destination port of UDP 500 or UDP 4500.

When I connect through my Meraki lab (on a business Comcast connection), there's no issue here. This leads me to believe there's either a PAT issue, or possibly an MTU issue with the enterprise Cisco Wifi/WLC encapsulation. In the prod network, I do see more fragments than I do with the Meraki lab.

(For the purposes of this conversation, I'm only working on Verizon at this time, as that encompasses most of our phones)
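
For comparing the prod and lab captures, here is an added example (not part of the original post) that classifies UDP 500/4500 payloads by parsing the fixed IKEv2 header from RFC 7296 and flags datagrams whose declared IKE length is larger than the bytes actually present, which is what a first IP fragment looks like. The function names and all sample bytes are constructed for illustration.

```python
import struct

EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
PAYLOADS = {0: "None", 33: "SA", 39: "AUTH", 41: "Notify", 42: "Delete",
            46: "Encrypted (SK)", 53: "Encrypted Fragment (SKF)"}
NON_ESP_MARKER = b"\x00" * 4  # precedes IKE messages on UDP 4500 (NAT-T)

def classify(payload: bytes, port: int) -> dict:
    """Classify one UDP payload seen on port 500 or 4500."""
    if port == 4500:
        if payload == b"\xff":
            return {"kind": "nat-keepalive"}
        if payload[:4] != NON_ESP_MARKER:
            return {"kind": "esp"}  # UDP-encapsulated ESP starts with a non-zero SPI
        payload = payload[4:]
    if len(payload) < 28:
        return {"kind": "truncated"}
    # Fixed IKE header: SPIi, SPIr, next payload, version, exchange, flags, msg ID, length
    _, _, nxt, ver, exch, flags, msgid, length = struct.unpack("!8s8sBBBBII", payload[:28])
    return {
        "kind": "ike",
        "exchange": EXCHANGES.get(exch, f"unknown({exch})"),
        "next_payload": PAYLOADS.get(nxt, f"type {nxt}"),
        "version": f"{ver >> 4}.{ver & 0x0F}",
        "from_initiator": bool(flags & 0x08),
        "response": bool(flags & 0x20),
        "message_id": msgid,
        # False means the datagram holds fewer bytes than the IKE header declares,
        # i.e. the message was fragmented or cut short before reaching the capture point.
        "complete": length == len(payload),
    }

def make_ike(exch, nxt, flags, msgid, declared_len, body_len):
    """Constructed sample: an IKEv2 header followed by a zero-filled body."""
    hdr = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x22" * 8,
                      nxt, 0x20, exch, flags, msgid, declared_len)
    return hdr + bytes(body_len)

if __name__ == "__main__":
    samples = [  # all constructed, not taken from a real capture
        (NON_ESP_MARKER + make_ike(35, 46, 0x08, 1, 1800, 1172), 4500),
        (make_ike(37, 42, 0x08, 2, 68, 40), 500),
        (b"\xff", 4500),
    ]
    for data, port in samples:
        print(port, classify(data, port))
```

Feed it the UDP payload bytes exported from each capture; a run of `complete: False` results on IKE_AUTH in one capture but not the other points at fragmentation on that path.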


